The Obama administration is crafting an executive order designed to keep the country’s most important digital systems safe from hackers and spies — a new regulatory burden sure to make many in industry recoil.

Text Size

So the White House is bringing in key players for meetings now — getting early input that the feds hope will make any new rules easier to enforce and voluntary pieces more likely to produce results.

“We kicked off a robust sort of outreach, and I would almost frame it as a listening session tour over the past couple months,” said Michael Daniel, cybersecurity coordinator at the White House, in an interview with POLITICO.

He acknowledged the effort is “highly unusual” for an executive order, but a necessary process on cybersecurity “due to the important role all of these partners are going to play, to carry out what we’re trying to achieve.”

Many of the administration-led meetings have been with the operators of power plants, water systems, key financial sector assets and other businesses that would be impacted directly by an executive order, sources told POLITICO.

Top tech trade groups, including the Information Technology Industry Council, which represents companies like Apple and Google, had their own sessions, as did public-interest groups including the American Civil Liberties Union and the Center for Democracy and Technology.

Even the recalcitrant U.S. Chamber of Commerce — a fierce opponent of the administration’s plans — met with top Obama cyber advisers at the end of last month.

Together, the meetings are but a page from the playbook already guiding the administration’s efforts on the fiscal cliff and other high-profile policy pushes that have failed to clear a Congress still overwhelmed by partisan obstruction. And the talks come as a relief for industry players who were waiting anxiously during the campaign season, unsure whether they’d be dealing with a new Congress or White House on cybersecurity.

In a sense, the White House in this fight has no choice. Its plan for critical infrastructure to submit voluntarily to new security benchmarks is going to require meaningful industry support. Complicating the process, though, is that an executive order is limited in what it can accomplish — and how it can sweeten the pot for companies.

For example, the White House acting on its own can only use existing law to foster new, voluntary security improvements at the nation’s most critical entities. Neither can it deliver on the sort of legal liability protections that companies sought in legislation. And the administration also is hamstrung in how it can help companies and the government share data on emerging cyberthreats. Ultimately, it means the White House can’t implement the more robust system of information exchange that lawmakers sought and companies desire.

“Obviously, when you’re talking about critical infrastructure, most of that is owned by the private sector. We do need to do this in a collaborative fashion,” the senior administration official said.

The unknown factor, though, is the election.

A new cast of characters will take the reins in the cyber debate on the Hill. Sen. Joe Lieberman (I-Conn.), the chairman of the Senate Homeland Security and Governmental Affairs Committee, which takes the lead on cybersecurity issues, will be replaced by Sen. Tom Carper (D-Del.), who has supported Lieberman’s bill requiring cyber standards for critical infrastructure but may be more open to compromise. Sen. Susan Collins (R-Maine), one of Lieberman’s key co-sponsors, also is leaving the panel’s top Republican slot because of term limits.

Readers' Comments (7)

I'm just finishing "Cyber Wars" by Richard Clarke, good book on the subject BTW. In his book Clarke writes about the IT industry being lax on security and being open targets for state sponsored cyber attacks as well as our military.

Clarke identifies three sectors ripe for attack. They are the banking/financial systems, the national power systems and the military. Industry in general has been attacked by hackers for years and industrial secrets and business plans and designs have been stolen years ago and are being stolen today. Most businesses don't know it, or if they do, won't admit to it.

But the big problem isn't the loss of IP from businesses, it's the damage that can be done with "logic bombs" placed in unprotected computers throughout the country. With a few commands China, or Iran, or Russia, or any other country could launch a cyber war that could take down our banking system, or the stockmarket, or the power grid, burn up power generators or overload transformers and throw much of the country into the dark for months.

Those who would attack us through the Internet could do it at a moments notice, too late to even try to throw up some sort of defence. With what could be thousands of logic bombs sitting on your Aunt Betty's unprotected computer, or on the computer in your son's room, throughout the country there would be no way to stop the attack once triggered.

But Richard Clarke talks about regulations to enforce some level of cyber security and has rightly said that industry would scream bloody hell if forced to upgrade their security and demand that the US tax payer foot the bill.

In the book, Clarke writes about the military networks. There are three. A low security nework which connects the MIC .coms to the Internet. A second network more secure where there is no physical connection to the Internet, they think, but where information from the Internet is sometimes transfered with thumb drives, CD's and DVD's from the MIC companies on the unsecure Internet to the "secure" military network which could bring along with the data malware.

There is no common standard for security on the Internet and there are no regulations requiring companies dealing with the government to provide a standard level of security.

Unless you are constantly monitoring your networks for intrusion, hackers may be stealing you blind or planting some very nasty malware on your computers and you might never know it.......... until it too late.

"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked." — White House Cybersecurity Advisor, Richard Clarke

Wouldn't surprise me if the Chinese have inserted backdoor access or kill switches in ROM chips in many types of devices they sell to the US, including those used in military electronics and hardware. No telling how much computer hardware, modems, routers, etc. could be at risk since so much is made in China. 2007 Christmas Holidays: Imported Digital Photo Frames Infected with Chinese Malware http://www.sfgate.com/business...

Following the first post, IT companies within America, this actually has nothing to do with "National Security". Nor should it ever be determined by such. National security should not be concerned with these corporations anymore than they should with how you or I defend our own homes. We do not house state officials or their secrets, we are not subject to such concerns. We do house innovation, which should never be subjected to such scrutiny as to who or what it ever goes to, unless specifically contracted as such.

FIX THE ECONOMY FIRST

Additional homework: The government FBI I.T. overhaul. A clear look at government waste within the I.T. infrastructure. It's a common case study on what not to do for project management and government waste.....for the 1% that will look it up. It's initial fuel was also simply "terrorism".

Nothing infuriates Republicans more than having their obstructionism bypassed. Full steam ahead on the executive order, Mr. President. Slow, dysfunctional Congress will eventually get around to passing the needed legislation, but our national security can't wait on Congress. It may be 2015 before the needed legislation gets passed, after American voters, finally fully aware and sick of intentional Republican dysfunction and obstructionism, replace Republicans in Congress with rational, responsible Democrats.

So the "King" has once more decided that the "House of Lords' is irrelevant under his rule and issues another proclamation. The American system of governing has finally revealed a fatal flaw. The governed can vote their Constitutional rights away.

So - Herr Dictator is getting ready to issue another royal decree, bypassing the Constitution once again. Who needs Congress to make laws when the marxist dictator can just issue edicts which ignore Congress, the courts, the Constitution, the law, the people, and more than two hundred years of legal precedent? Oh, they'll put up a show of "consulting" with various groups, but in the end the dictator will do what dictators always do.

What's the use of cybersecurity when all the computers are fried in an EMP attack or by a solar flare,(which happened around 1860 and destroyed the telegraph system,literally melting the wires ). How stupid can Congress be when they will approve money for cybersecurity, but have refused to appropriate 100 million (chump change ) for a system that woud protect us from damage caused by flares or EMP attacks that would fry the electrical grid,destroy EVERYTHING electrical,cost MILLIONS of lives,and trillions to fix,and would send us back to the 19th century for 3 years or more. 100 million--one third Solyndra- to prevent TRILLIONS of damage,the loss of MILLIONS of lives and 3 or more years of starving in the darkness and Congress refuses to allocate the money for it. We will get EXACTLY what we deserve. We have elected the enemy..